Rapid Reaction Breach Response Team
Discovering you have been the subject of a data breach will be a huge concern for your organisation. The steps you take from the point of becoming aware of the breach will define the level of damage to your brand, affect your ability to understand how, when and where the breach occurred, and influence the penalties that will be imposed on you by the regulator.
Unless you have a good reason, you have just 72 hours to report the breach to the regulator and then the data subjects. What will you do next?
As a client of our fractional DPO services, one of the initial exercises your DPO will perform for you will be to implement a breach reporting process and protocols that are specific to the particular needs of your organisation. Therefore the action plan will be ready and waiting to be implemented.
Be aware, however, that the 72-hour requirement is not ‘business hours’; it’s time. So if you’re informed of a breach at 5pm on a Friday afternoon, the clock starts ticking. Therefore, by 5pm on Monday, you need to have gathered together and delivered the package of information required by the ICO. But do you have the resources to do this?
The DPO Centre can ‘parachute’ in the support you need, at any of your offices, anywhere within the UK. Our team, supported by your DPO and the procedures they will have created, will carry out the necessary investigation work, complete the necessary documentation and continuously advise your senior management on how to manage the delicate PR exercise that will result.
The GDPR makes a data breach one of your organisation’s biggest risks. Contact us now and we can help ensure you mitigate that risk.